The Betrayal of the Internet Imaginaire

I asked my friend and colleague, Andrew Russell, to give us his take on Snowden, the NSA, and Internet politics, especially focusing on recent discussions amongst members of the Internet Engineering Task Force. Andy's book, Open Standards and the Digital Age: History, Ideology, and Networks, will be published by Cambridge University Press in early 2014. Readers can contact Andy at arussell@stevens.edu.

“Government and industry have betrayed the internet, and us. By subverting the internet at every level to make it a vast, multi-layered and robust surveillance platform, the NSA has undermined a fundamental social contract. The companies that build and manage our internet infrastructure, the companies that create and sell us our hardware and software, or the companies that host our data: we can no longer trust them to be ethical internet stewards.”

-- Bruce Schneier, September 5, 2013

As details of the NSA PRISM program continue to be published, public interest advocates—a mix of civil libertarians, privacy advocates, and security experts—are struggling to form an effective response. President Obama is trapped in the national security apparatus; Congress is useless; and our beloved online destinations—Google, Facebook, Skype, etc.—are compromised, powerless, or both. Where else can we turn to safeguard the integrity of the Internet?

His call to action provides a point of entry to reflect on the state of affairs that Edward Snowden’s trickery has brought to light. Before I continue, I want to make it clear that I admire Schneier’s work (his Eternal Value of Privacy essay is classroom gold), and I very much support his activist impulse. But I also worry that there are some problems with his suggestions—problems that become clearer when we see the issues through the lens of some concepts from the history of technology and STS.

The foundation of Schneier’s argument is a specific vision of the Internet’s history and position in contemporary society—a vision that we can safely assume the Guardian’s readers will share:

“Government and industry have betrayed the internet, and us… This is not the internet the world needs, or the internet its creators envisioned. We need to take it back. And by we, I mean the engineering community.”

With these sentences, Schneier advances two conventional beliefs about the Internet’s history as well its broader social “imaginaire.” First, Schneier presumes that his readers identify with a techno-utopianCalifornian Ideology in which the Internet acts as an agent of liberation and democratization. In this interpretation of the Internet’s world-historical role, its birthright is to escape the clutches of governments, memorably described by John Perry Barlow as “weary giants of flesh and steel.” Second, Schneier’s reference to the Internet’s “creators” invites readers to forget the fundamental irony of the Internet’s creation: the American Department of Defense sponsored the research that produced it, and subsidized the implementation of Internet protocols in popular operating systems of the early 1980s. Omission of this fact tempts us to forget the economic realities of Internet standards—a matter I will return to below.

The “internet” Schneier describes thus embodies a set of principles—a collective vision and fantasy—that are under attack. With the establishment of this shared understanding, Schneier moves briskly to three specific recommendations for action: “expose what you know,” “re-engineer the internet,” and “influence governance.” For the sake of brevity, I’ll confine my comments to his second recommendation, to use engineering and design to subvert the betrayal of the Internet.

“We can design. We need to figure out how to re-engineer the internet to prevent this kind of wholesale spying. We need new techniques to prevent communications intermediaries from leaking private information.”

To accomplish these tasks, Schneier calls on the “Internet Engineering Task Force, the group that defines the standards that make the internet run.” He notes that the IETF “has a meeting planned for early November in Vancouver,” and declares that it should “dedicate its next meeting to this task.” We have good reason to believe that Schneier’s faith in the IETF is shared widely: over the past decade or so, the IETF’s modus operandi of “rough consensus and running code” has been invoked repeatedly as a manifesto and organizational template for collaborative endeavors. Observers commonly cite the IETF asboth a generator and an exemplar of a new, distributed form of social organization that can direct the talents of good-natured programmers to build robust systems.

What do IETF participants make of the grandiose role that Schneier and others have imagined for it?Answers to this question may be found by exploring the lengthy discussion of Schneier’s proposal, which began on September 5 on the IETF mailing list—an open, public forum—when Dean Willis posted Schneier’s column and added, “The gauntlet is in our face. What are we goingto do about it?”

The discussion that resulted is difficult to summarize, but fun to read. If you follow the thread, you’ll get a good sense for the IETF’s nuance, experience, humor, touchofparanoia, and—above all—the practicalorientation of its organizational culture. It’s too early to declare any group consensus position, but there is certainly sympathy with Schneier’s agenda, understanding that the crisis presents a “teachable moment,” and recognition that the IETF cannot offer a technological fix singlehandedly. There are no signs whatsoever that the IETF will even try to organize the sort of ambitious technical project of re-engineering that Schneier recommends: as one experienced engineer summarized, “This whole 'surveillance of online activity' is a lot bigger problem than the IETF's work domain. For us to think we can 'solve' it is massively hubristic.”

For my colleagues in STS and the history of technology who wonder about the technical community’s capacity to protect the values of privacy and security, there is an encouraging message: Schneier and other prominent voices in the Internet technical community believe that their success will rely on their ability to combine technical skill with moral fortitude and political will. I believe that most of my academic friends would endorse this approach, and be especially pleased that Schneier and the IETF are not living up to our caricatures of engineers who believe that “technology” can be separated from “politics.” This is good news. However, there are significant institutional obstacles ahead that Schneier and his allies may not realize, and certainly haven’t publicized.

The upshot of this history, for Schneier’s proposal, is that it’s difficult to see how the economics of Internet standardization would allow significant re-engineering to the standards and infrastructure currently in place. The American government can no longer be trusted, and this Congress has a poor track record of supporting science and technology. There’s no reason why capitalists would be interested, either. The giants of today’s Internet industries (Cisco, Huawei, Google, Comcast, et al), if trustworthy at all, only would support new standards that fit into their existing business plans. Venture capitalists are equally unreliable, since they seem to prefer to invest in high-margin “app economy” start-ups that take advantage of existing infrastructure. They know that investments in a new, open infrastructure would not generate the profits they desire.

Apart from the economics of Internet standards, there are also aspects of its institutional sociology that pose problems. Standards bodies are, by design, incrementalist organizations. In most cases they are not effective venues for conducting research or promulgating new techniques. Again, Internet history clarifies the point: the IETF was created in 1986 as a forum to stabilize implementations of TCP/IP, which was first developed over 10 years earlier. In other words, its foundational value was to sustain technological momentum, not to initiate it. One needs only a passing familiarity with some conceptual foundations of STS and the history of technology—Thomas Hughes’s “momentum,” Ludwik Fleck’s “thought collectives,” and and Joseph Schumpeter’s “creative destruction”—to understand that we’re more likely to see radical changes and fresh ideas come from somewhere else, somewhere unexpected.

If Fleck and Schumpeter were right, new ideas will arise from a place unaffected by the stable alliances of technical ideas, cultural norms, and business models in the IETF. We can and should count on the IETF for incremental suggestions for the Internet, but only an act of “dot org entrepreneurship” can generate something truly different. If/when that happens, it won’t be the "internet" that Schneier, Snowden, and their allies seek to defend: it would have a new “imaginaire” that, one hopes, would embody the values of privacy and security in ways the Internet does not and never has.

I’ll conclude with a historian’s lament. I worry that we are witnessing a cautionary tale of writing history without the benefit of one of our most powerful tools: long-term perspective. Thus far, it has seemed reasonable to cast the Internet’s brief history as a narrative of success. Perhaps it is time to re-imagine Internet history as a tragedy.

25
comments

Fabulous essay, Andrew! I was teaching class earlier today and read aloud to the students the Barlow "weary giants of flesh and steel" declaration, and for the first time realized that my students might not be familiar with, or even sympathetic to, this early generation of Internet essentialists. We did not have time to fully hash it out in discussion, but my sense is that they have a much more complex relationship to the triumphalist Internet narrative than did my students of even a few years ago. Perhaps not yet a tragic perspective, but not quite the unalloyed utopianism of previous classes.

We have not gotten to the Snowden/NSA case yet, but will soon. I am pleased to have your essay as a resource.

Well written and compelling narrative. I think your characterization of the advantages posed in the current governance mechanisms to existing applications (your Googles, Yahoos, Facebooks, etc.) is spot on and has interesting implications for reflecting on the history of the commercialization of the Web. In any case, keep up the good work.

Good essay, telling points, useful links; I found the sour-note ending jarring but also, unfortunately, perhaps accurate. You're right in saying we're too close in time to be able to have much of a perspective on the history of the Internet from, say, fifty and more years on.

I submit that good ideas may come from anywhere, even including the greybeards of the IETF. While their duties may focus on the incremental, I suspect their minds are not so locked in.

The solution, if there is one, will as readily and importantly be of a political, social bent - an aspect that does not leave me filled with hope. It may be that I've been overly-influenced by recently reading the Mars Trilogy; yet watching trends over the past forty years lends itself easily to seeing the eventual effective dictatorship of groupings of Robinson's "meta-national" corporations.

I used to believe that whatever humans make they can break, re-make, or alter; now I'm not so sure. In any event, good luck to us all.

Total reengineering of the Internet would indeed be very hard. Adding tools to make surveillance much harder, and encouraging their use, where the tools are open sourced (so harder to tamper with), is quite possible. Something that for example adds to TLS with some ability to run extra Diffie-Hellman exchanges, and to send comparisons of some function (ANY function) of hashes of the key to check if it is the same or if there is a MITM, is perfectly feasible. It is possible to make it hard for a MITM attack to succeed. (Recall a D-H exchange produces a valid shared key even if the whole exchange is wiretapped; the wiretapper cannot figure out the key.) Some other tricks have been suggested which can be used for the comparison. Remember the "escrowed encryption" scheme, and how it got shot down in part because it was shown not to work. Adding some more tools and making them commonly used is doable. This does not imply the political systems are just fine; they need to be fixed. It wasn't that long ago that it was accepted police needed a warrant to enter your home, or a warrant showing probable cause to inspect your communications. At least that much of the US constitution had not been forgotten or redefined to oblivion. It sure has now...but some remember what it meant when written (and how else can you understand a document save using the vocabulary from its origin? That is after all why there are footnoteswith many Shakespeare plays, or for that matter for the Bible.) It is past time to stop the perpetual panic and remember how at least American (and evidently many other polities') jurisprudence is supposed to work, and remember that police work is easy only in a police state.

Interesting stuff.I think that Internet will 'evolve' (if we can call it that way) from the semi borderless space that is today, to a heavily controlled borders that we have in the physical world. US probably already do that, but I'm saying that the other countries will start doing it also. Great Firewalls everywhere, a cyber-UN organization, etc.It's bassically the end of the Internet as we know it.

Yes, I made this point among my friends several years ago. I say, "This is not the internet I dreamed of in 1992. No way." It seems to me that it has turned into a nightmare. Perhaps understanding the human condition it was too idealistic to have thought otherwise.

Today, every day, when I use the internet I ask, "Why?" Why am I here? Why do I give my time and energy to this thing that has become evil. Habit, that is the only answer I have. Habit die hard. Yes, habit and one more thing. There is no going back. Whatever the internet morphs into it is here to stay. The clock cannot be unwound I think you say.

I like your essay. Things like cyber bullying, gaffes that are remembered "forever", digital "rot" and the collective "amnesia" and indifference under information overload have been discussed like abberations of the internet age rather than maybe consequences of the internet age. I remember their being some discussion in the beginning on the possibility of dividing the public into "eloi" and "morlocks" i.e. those understood and worked on the technological underpinnings and those who just used the web.It seems to me that the "morlocs" won that debate because everywhere you see there are "morloc" institutions, task forces, standard bodies without much "eloi" participation or oversight.Now it seems the "morlocs" have been betrayed by nastier creatures and need "eloi" political support to change the state of affairs. You have to realize that for most "eloi" nothing has really changed. The cats on youtube are still there :). What I'm saying is that I would welcome a debate regarding web-ethics that doesn't solely default to "privacy" and "liberty".

Having said that I think the part about finding sponsors and drawing the parallel to ipv6 is wrong. Other nation states are now in the mix and would make powerful sponsors indeed. I think engineers could play a pivotal roll in using that sponsorship to not just serve narrow national interests but I think any proposals will have to take them into account. Having one nation state dominate the internet does not seem to me to be a stable state of affairs.

The example of success, implementation of IPV4 in 1996, and the example of failure, IPV6, is a bad analogy. First, size matters. Installed base matters. The existence of work-arounds matter. This is not a reason to imply that IETF solutions will always be ignored.

Second, implying that only a historian of the internet has the long term perspective is blather. The grey beards in the IETF has collective experience that ensures that history is given due consideration.

Change occurs when the impetus is sufficient to overcome inertia and institutional pressures. Pressure against change by all those departments of the US government who benefit from the current system will be enormous. Since NSA "leaks" to police forces, the IRS and many other agencies, those will all work against any change that shuts the NSA eaves droppers out. Remember, the actions these people take are illegal. Helping them continue is abetting an ongoing illegal enterprise.

On the other side, the users of the internet should understand that whether or not they have secrets that they don't want to share, they do have a right to privacy. Right now the NSA has the equivalent of a camera in every room of their (internet) house. While that may be a benign loss of security right now, there is no guarantee it will always be so.

The blase assumption that the government is to be trusted and that all these intrusions are good for us, that we need not be concerned and that even if we were concerned there is nothing we can do, is an acceptance of whatever comes without even trying to resist.

If NSA PR flacks had wanted to write an article hoping to anaesthetize people, they could have done no better than this article.

If you asked people back in 1990 could the internet span the globe and deliver information from any one place on the planet to any other in real time, that it would have hundreds of millions of users, they would have said impossible. They would have looked back at history and taken the long view and said it was impossible, not even to be considered.

I hope the movement that Schneier is starting now ignores the small minds and control advocates and pushes on.

Because content starts and ends in the leaves of the internet, at the very least those leaves who care can take control and re-engineer their activity to be intrusion free. As the number of methods of freeing yourself from government oversight grows, as UIs simplify, methods could easily be pervasive in just a few years.

Schneier's most recent Crypto-gram linked variously, then to an article "presented as disagreeing" but with which he agreed , then here as "a rebuttal to [his] essay."

So I came straight here to gauge opposing views fearing blogospheric vitriol, but enjoyed instead a reasoned and respectful appraisal. Though siding with Brent Beach, I won’t endorse his unduly harsh chide, and hope instead we’re all on the same side.

Aligned with Schneier's "imaginairing" (if not imagineering, now trademarked by some company!) does find the objections in the article above a tad pragmatic. Idealism is (err, should be) a primary benchmark for civilization's endeavors. And after all, you’re engineers. If the boss says power the thing with unobtainium, make it so - complain about impossible and you’re out the door.

Which brings us to that final sorry lament. Even wearing my NSA authoring cap, I would leave that bit in. Broadened, in fact, to include most applied science and engineering, which is veering into malign chaos.

My biggest take-away from 20 years on the Internet is discovering how many greedy, malicious, dangerous people are a mere keystroke away. That alone has obliterated all youthful delusion of some brave new world.

Interesting post .I think that Internet will 'evolve' (if we can call it that way) from the semi borderless space that is today, to a heavily controlled borders that we have in the physical world. US probably already do that, but I'm saying that the other countries will start doing it also. Great Firewalls everywhere, a cyber-UN organization, etc.\Thanks for this nice post .Diseño web asturias

1. You believe it is not easy to re-engineer the InternetLet me get this right. Your first argument (as historians) is that 'creating' a world wide net that facilitates true security and privacy is not easy.

I agree. So do you think Schneier, one of the worlds most respected Internet security figures doesn't realise and the IETF probably don't realise what kind of challenge that presents?

2. We can't trust business or government to assistOk, again I agree.

3. The IETF is a 'body' for standards and as a rule these organisations are not known for being innovative.Umm Ok (Technically many Internet/Protocol/Network standards actually evolve from RFC's (https://en.wikipedia.org/wiki/Request_for_Comments) so it's pretty much anyone in the world that can and does submit ideas but whatever)

Personal note: Your 'historians lament' seems ridiculous; imagine the Internet is a tragedy?? (And you are writing a blog about it to publicise that??)The net provides a faster way of communicating recorded data. Why wouldn't the tragedy be the invention of writing? I mean if people couldn't write about stuff, the net wouldn't mean much.

Anyway if there is something here that can't be summarized as 'it's too hard, so let's not start', or if there's something that explains why it is a poor choice for the human race to desire privacy and/or anonymity, I sure missed it.

My vote is that it's NOT ok for everything to be stored 'just in case'. I am not a terrorist, I have no plans on becoming one. I definitely do NOT like being indiscriminately treated like I am or might be one, and it's not good enough to simply say 'well it's the government so it's ok for them to treat you like that'.

Just a short comment, the Internet referenced by Schneier is not the ARPANet.It *was* created by engineers, in the sense that this is the group that created most of the current abilities. ARPANet, and what the military envisioned had obviously a very different set of goals, even though there are a few intersections.

Interesting. I would like to applaud your efforts of giving light to a very difficult and diverse topic. optimize. Both the netizens and the government are correct; they do have their own reason why they say what they say, but we must accept the fact that there are people who use the internet for evil. The worse in my opinion is human trafficking. Instead of ranting about how the government is using the internet to spy on people, we should propose solutions with actions. According to a local seo phoenix team, In fairness to the netizens it is not right for the government to hack just about anyone's personal account, but instead they should focus on the bigger problem at hand.